Bears and WordPress Security

The other day, a friend learned that I worked in WordPress, the technology that powers Evermore. They said they loved WordPress except for that one time their site got hacked.

She and her husband started a WordPress blog together shortly after they were married to share their lives with family and friends. Their site was redirected to porn. She said it was a nightmare. She said her family—very traditional—periodically checked on their blog to check in on the latest, and were suddenly exposed to hardcore pornography.

I asked her if their hosting company helped them resolve this. Her answer was, unfortunately, not surprising to me all.

“Our hosting company did absolutely nothing to help us. We were completely on our own. Every friend and family member that wanted to check in on the latest from our blog saw porn. It was a nightmare.”

What’s at Stake?

This was a family blog. They suffered embarrassment and the hassle of fixing everything, but imagine if this was their family business. On top of embarrassment and aggravation, they would have risked financial loss that could have jeopardized their livelihood.

People don’t realize how easily this can happen, because many low-cost hosts promise the world for nothing, saying that you can have a site of your dreams for free (or very cheap). They get you in the door with a crazy good deal, offer no helpful service when you need it, and often nickel-and-dime you once you’re locked in, not interested in the hassle of switching hosts, and need help immediately. All day long this is happening to good people.

Scare Tactics

My business partner, Cliff, and myself have talked a lot about how we go about maintaining our integrity when trying to explain the value of things like this. We think using scare tactics to sell things is a bad idea, and we don’t want to use them. Ever.

However, we do want to be realistic and honest. It’s hard to know what you’re getting yourself into with hosting (or most other things involved in managing a website for that matter). It’s difficult to comprehend the panic and frustration that ensues when something does go wrong, like my friend experienced with her blog.

If we fail to educate people as to the risks they are taking, we do them a disservice.

Bears

I’ll give an example of what I mean.

This summer, I went camping in the Grand Tetons National Park with some friends. The park rangers mandated that we rent bear canisters and strongly recommended that we bring bear spray (yes, this product exists). My first thought was, “Maybe they’re just trying to sell us stuff. Let’s not do it.”

I assumed it was a scare tactic.

You know what?

We actually saw bears.One of the actual bears I saw.

It’s not a scare tactic if it’s true and the intentions are good! Bears are no joke out there. Likewise, the security of your site ought to be taken seriously.

Facing Reality

Yes, the open-source code for WordPress is free. You can download it and figure out how to install it and use it.

There is still no free lunch, though. You are guaranteed to pay with your time.

My friend and her husband—and, for that matter, most people who don’t have a budget for a blog or site—might have been better off considering a free Tumblr, WordPress.com, or SquareSpace blog. They would not have had to worry about versions, plugins, maintenance, hosting, security, or anything of that sort.

If you want the power of open-source, self-hosted WordPress, it’s going to cost you time, money, or a mixture of both. If you want to do it well and cover your bases, it will cost more. All that power comes with potential complexity. I started out just tinkering with WordPress and it’s turned into a career!

That’s why Evermore, affordably harnessing and delivering the power of WordPress, can be a great platform for your business. You get something that you can grow with, that can help you run your business without unexpected time drains and costs, and that doesn’t limit you long-term.

And all those concerns about security? Taken care of. Your site is monitored, and fixed immediately when something goes wrong.

For the Tinkerers

If you want to avoid the situation my friend found herself in, but Evermore isn’t for you, we recommend one of two options:

Pay for Sucuri (the experts) to secure your self-hosted WordPress site. You can rest easy knowing your site is being monitored and fixed.

If you want to spend no money, you’ll need to pay in time. Start going through best practices—like these from Moz—and do the hard work to secure your site. You owe it to your business to protect your best marketing asset.

Feel free to email me directly if you have any questions, and I’ll be glad to help you.